Modern security for microcontrollers
|
|
- Alfred Floyd
- 5 years ago
- Views:
Transcription
1 The challenge of scaling IoT Modern security for microcontrollers Gaining user-trust & keeping it Milosch Meriac Principal Security Research Lead
2 About me & my projects Principal Security Research Lead at Arm in Cambridge, UK. Specialized on embedded hardware security. Developed the ArmMBED uvisor, a secure hypervisor for Arm Cortex-M microcontrollers. Before joining Arm, I ve created a range of open hardware designs and software tools around RF(ID) / Bluetooth Low Energy security research and electronic art projects. More information on my private projects at meriac.com, & 2 OpenPCD.org OpenPICC.org
3 Blinkenlights Stereoscope OpenBeacon & SocioPatterns 3 X b o x L i n u x C o r e Te a m
4 Quick introduction: Security research at Arm
5 Collaboration Opportunities with Arm Research Security-topics we're working on Enforcement of device policies with hardware security features, secure protocols and instrumentation of devices and networks IoT malware detection (device and network), recovery from malware and containment of affected devices: from very constrained devices, through networks up to data centers Enabling end-to-end security/privacy architecture paradigms in cloud service products Enabling and promoting automated verification of Arm ecosystem products Expanding our tools for automated hypervisor and system verification 5
6 Collaboration Opportunities with Arm Research Strategic Security Projects Support next generation system security architectures in heterogeneous systems E.g. CHERI, sel4 and MirageOS Enabling memory authentication and encryption for mutually distrustful edge- & cloud-computing Arm architecture side channel evaluations and mitigations Particularly around branching, speculative execution, pipelines and caches. Support creation of formally verified secure and safe systems software Improving our verification tools and formal specifications. 6
7 Security Research at Arm Summary Separation and Isolation Mechanisms Trust, Identity and Provenance Side Channels Specifications and Correctness Crypto Performance, Emerging Ciphers 7
8 Why is microcontroller security hard?
9 9 Security + time = comedy If a product is successful, it will be hacked System designers must have clear threat models and act accordingly. Threat models must be designed into the system starting at silicon level. System designers and builders must find all flaws - attackers only have to find one. Old stuff has old bugs we won t run out of entertainment anytime soon. Device lifetime The security of a system is dynamic over its lifetime. Lifetimes of home automation nodes can be 10+ years. Attacks scale well The assumption of being hacked at some point requires a solid mitigation strategy for regaining control and simple, reliable and inexpensive updates. Do our defenses scale with our attackers? Assume you can t prevent being hacked Value of bugs is expressed by value = number_of_installations x device_value. Increased value and large deployments drive attackers - especially in the IoT. Massively parallelized security researchers & attackers vs. limited product development budget & time frame.
10 10 Flat memory models The 80 s called, and they want their security model back Flat address spaces are common for microcontrollers - resulting from their lack of memory management units (MMUs): yet that does not justify the absence of privilege separation. Many existing microcontrollers like Arm Cortex-M3/M4 have a hardware memory protection unit (MPU) to compensate for security impact of missing MMU. No separation Flat memory models and avoidance of MPUs ignores vital security models like least privilege. Escalation Flat memory models enable escalation & persistence of exploits: Device safety suffers. Uncontrolled writing to flash memories allows persistent exploits across reboots. Verification Security verification impossible due to the immense attack surface and lack of secure interfaces between system components. Leakage All your bases are belong to us thanks to leakage of identity keys or API tokens attacks are able to progress up the cloud stack.
11 11 Data security, seriously? Check your security assumptions Microcontroller storage security is still highly diverse and often originates from code-read protection. Yet your data must stay secret, Keys and firmware updates must be secured against tampering and rollback. Malware must not be allowed to become persistent by installing itself into flash. Sending people out to reset or even reflash pwnd IoT devices is not an option. We must ensure for device recovery to scale better than the device attacker. Out of memory As functionality and wireless stacks grow, microcontrollers run out code memory firmware downloads must therefore often be buffered externally to prevent device bricking. Update mechanisms are often vulnerable in presence of local attackers controlling the power supply, glitching CPUs or manipulating externally stored data. Data security? How confident are you, that your SRAM is erased when resetting the copy protection fuses on your microcontrollers? Additionally data can often be extracted indirectly by using CPU core registers, bootloader bugs or by stepping through code. Side channels leakage Microcontrollers often vulnerable to key/data extraction via side channels like power or execution time.
12 A consistent security model: Privilege separation for low-end Microcontrollers
13 Security for Microcontrollers? Consistent security models despite differences in architecture Compartmentalization of threads and processes on microcontrollers consistent with MMU-enforced application CPU security: Private stack and data sections Initialization of memory protection unit based (MPU) on process permissions: Whitelist approach only required peripherals should be accessible to each box ( Least Privilege ) Each box must have private.bss data and stack sections Switch execution to non-secure side/app, continue boot unprivileged to initialize OS and libraries to reduce the attack surface 13
14 Memory Protection Units on Arm Cortex-M Microcontrollers Can prevent application tasks from corrupting OS or other task data: Improved system reliability through hardware security. Enable configurable memory regions 14 Address Size Memory attributes Access permissions Optional in all Cortex-M and available on most (except Cortex-M0) ARM Cortex-M OS kernel (privileged) task A task B task C MPU configuration MPU MEMORY I/O #n I/O #2 I/O #1 I/O #0 data for OS kernel data for task A data for task B data for task C
15 Use case: Secure outbound communication Reduce attack-surface of function-critical code and increase bug-resilience Trusted messages contain commands, data or firmware parts. Box security not affected by communication stack exploits, bugs or infections outside of trusted box. Payload delivery is agnostic of protocol stack. Resilient box communication over the available channels, protocol-independent: Exposed Application Code Opaque GAP GATT AP BLE LL Bluetooth Communication Stack Exposed box with communication stack Opaque Block Decrypt and verify using DTLS Commands, Data, Firmware Blob Secured and trusted device process Trusted box without communication Stack IoT Device owned by user. Initial identity provisioned by System Integrator Messages delivered agnostic of communication stack 15 Ethernet, CAN-Bus, USB, Serial Bluetooth, Wi-Fi, ZigBee, 6LoWPAN
16 Use case: Secure server communication & Device identity Communication protected using TLS. Raw message payloads decrypted and verified directly by protected code: TLS protocol box not exposed to communication protocol stack bugs. No interference by other boxes. Client-authentication and encryption keys are protected against malware, keyextraction and identity theft. Device-malware cannot interfere without knowing encryption- or signing-keys. Exposed Application Code Opaque IP Stack, Wireless Stack Decrypted Exposed box with communication stack Opaque Block Decrypt and verify using DTLS Decryption Keys Decrypted Block TLS box handles only the SSL protocol Initial keys provisioned by System Integrator. Messages decoded independent of stacks using mbed TLS in separate security context 16
17 Use case: Secure remote firmware update Delivery of firmware update must be decoupled from a protocol-independent firmware image verification Re-flash Untrusted Application Upon Completion Bugs in communication stacks or cloud infrastructure must not compromise the firmware update: End-to-end security for firmware updates between the firmware developer and the secure box Secure box on the device has exclusive flash-write-access Box with flash controller ACLs only needs the public update key to verify validity of firmware. Local malware can t forge a valid firmware signature to the firmware update box, the required private firmware signature key is not in the device. Custom Application Code Opaque GAP GATT AP BLE LL Bluetooth Communication Stack Exposed box with communication stack Opaque Block Decrypt and verify using DTLS Firmware update blocks FW005 Secured and trusted device process Flash interface box protected by mbed uvisor without own communication stack IoT device owned by user, Initial identity provisioned by System Integrator, Messages delivered independent of stacks Firmware Update Image Secure Storage, Firmware Update Blocks 17
18 Use case: Controlled malware recovery Devices can be remotely recovered from malware: Enforced communication through the exposed side to the server. Thanks to flash controller ACL restrictions, malware cannot modify monitor code or install itself into non-volatile memories. Receive latest security rules and virus behaviour fingerprints for detection. Share detected pattern fingerprint matches with control server Distributed detection of viruses and live infrastructure attacks. When communication with server breaks for minimum time: Disambiguation from network failure: Parts of the device stack are reset to a known-good state. Device-reboot prevents malware from staying persistent on the device. Device switches to a safe mode after boot to rule out network problems or to remotely update the firmware if needed and continues operation. 18
19 Outlook: Arm TrustZone Technology for Microcontrollers Bringing Arm security extensions to the embedded world Optional security extension for the Armv8-M architecture Dramatically simplified security model for Safety-critical device code New security architecture for deeply embedded Cortex-M processors Better containerisation of software: Simplified security assessment of embedded devices Similar and compatible to existing TrustZone technology New architecture tailored for embedded devices Adds new security domains with visibility on system/bus level enabling security-aware peripherals, untrusted drivers and secure DMA. Preserves low interrupt latencies of Arm Cortex-M Provides high performance cross-domain calling 19
20 Applying Arm TrustZone to Cortex-M Microcontrollers Armv8-M architecture introduced with upcoming Cortex-M23 and Cortex-M33 microcontrollers Extends hardware security features to system level Security-aware DMA peripherals and debugging Security extended to memories and peripherals through bus filters Memory protection controllers (MPC) Peripheral protection controllers (PPC) CPU can run in secure and in non-secure states, with visibility for all bus peripherals Efficient and privacy-enabled transitions between the two security modes Two instances of the interrupt vector table, one for exclusive use on the secure side. Stack overflow protection Secure regions Non-secure regions 20
21 Scaling Security: Moving towards an IoT Immune System
22 Moving towards IoT Immune Systems Overview Detection Node Instrumentation & Behaviour Sensors Fingerprinting Node Behaviour and System Network Traffic Management Big data analysis of system behaviour over all customers of a Security as a Service provider to weed out false positives and to establish a baseline for device behaviour Live & Continuous System Health Check Isolation, Containment and re-flashing of infected Nodes: IoT Immune System Prevention, Removal & Containment Immunization of System identify Loopholes by using statistical analysis (Device Types, Firmware versions, System Events, Program Execution Patterns, Traffic Patterns) of events leading up to an infection. Block know-malicious signatures on network boundaries using centralized block lists to protect outdated devices. 22
23 IoT Immune System Instrumentation Requirements for IoT Node Malware Detection & Removal Node Instrumentation 23 CPU level sensors: Program Counter & Performance counters statistics Detection of Code/Data access patterns Debug-Interfaces (CoreSight TMC etc) Standardized Board level sensors & protocols CPU/Board Power consumption patterns Inbound/Outbound traffic classification/density Intrusion sensors (Housing, Light Sensors, Chip level etc.) Hardware revision, Product ID, Manufacturer and Firmware version of the device visible to log server Acceleration sensors to detect movement/vibrations resulting from physical attacks Implementation Details Die-Sensors or external watchdogs measure system behaviour Sign internal/external measurements plus timestamps and store in cryptographic ledger can be stored in local network or in offline storage if needed. Establish distributed Traffic Sensors for measuring Traffic density and direction to enable protection within the (mesh) network. Signed/Encrypted packets with traffic/behaviour observations are sent back to centralized log servers (local and remote) Feed signed/encrypted behaviour measurements back to Application CPU which is responsible for sending the measurements back to centralized servers. Non-Compliant applications are reset/re-flashed if they can t prove message delivery cryptographically using crypto-watchdog methodologies.
24 IoT Immune System Instrumentation Network Level Immune Reactions & Recovery Node requirements Implementation Details 24 Ability to isolate/quarantine nodes by changing/revoking access keys and tunnelling traffic to a control host (log server?) In cases where node functionality is critical, we must enable infected node operation but maintain network QoS and protect internal and external hosts. Ability to reset & re-flash nodes wirelessly even assuming a malicious application on the Node. Standardize FOTA file formats and network protocols Prevent firmware downgrade attacks of nodes, with operational exceptions reverting to previously used firmware version over a limited time. Security as a Service provider can only push node-vendorsigned Firmware Least Privilege Establish Watchdog-Style FOTA to externally enforce firmware update of infected systems remotely. FOTA requirements including policy enforcement and downgrade protection are already addressed in the latest Firmware Manifest Format. We started an IETF standardization process already. Isolation of nodes can be achieved by implementing software defined networking protocols. In the most simple case networks can be partitioned via Virtual LAN ID s (VLAN ID) which are commonly supported by managed routers. It might make sense to extend the concept of Layer VLAN s to mesh networks. VLAN ID s can be used End-to-End between Mesh Router and cloud architecture by using L2TP. In the advanced case the (wireless) network applies multiple encryption keys to segment the network and to enforce distinct policies. Secure Watchdog for remote recovery from malware infection.
25 IoT Health Services Health as a service for the internet of things Data Processing Actions taken 25 Receive lossy aggregated data from Node and Network sensors. To protect the users privacy, preaggregation/anonymization of traffic-activity patterns should be done in the local network (edge router etc.) Correlate sensor Data across similar devices and similar Firmware revisions Detect unusual patterns in data flows (for example an IoT sensor actively scanning the extended network for vulnerable devices) especially in wireless mesh networks Big data analysis across all service customers to weed out false positives. Behavioural changes due to different firmware revisions can be detected more reliably Easier to detect unusual patterns in larger data sets due to more data on devices with similar configuration Trigger Network immune reactions depending on calculated likelihood Optionally allow the Health Service to take action on your behalf (trigger firmware update, isolate nodes etc.). Optionally disambiguate security warnings (Incidents of lower likelihood) by human operators for premium customers and take extended action if necessary. After identifying Infection Vectors, distribute traffic/behaviour signatures for devices without patches Enforce policies so devices with unpatched devices can only be reached by filtered data (keeping them functional, but safe at higher latencies Remote Man-In-The middle firewall / DPI). Run filters at trusted border router to protect customers privacy. After an infection is detected, customer gets choice to involve cloud service into recovery efforts.
26 Trusting IoT Health Services Edge Computing Appliances for Resilience and User Privacy Protection Objective Establish trusted cloud computing appliances that will be deployed to the local network for greater availability and trust. Appliances can be as simple as hardened routers running simple software process or high-end tamper-proof 19 rack servers. Establish Trusted Execution Environment (TEE) boxes that can be remotely provisioned (cloud or owner) hardened against local physical attacks (cold boot attacks, malicious board level modifications & attacks) Cloud services can push down low-latency jobs, computation tasks, machine learning, application of machine learned models or for mirroring data speculatively from or to the local network. Platform guarantees integrity and security across multiple applications/vm s running on the device and protects against users tampering with the device locally (exfiltration of data, changing behaviour etc.) Increase the resilience of cloud applications: Core functionality of a cloud application can work without network connectivity. See Amazon AWS Greengrass as best-practice example for accessible compute at the edge. Support low power devices with trusted computing resources as important tasks can be migrated to AC-powered appliance in the local network. Hardware Security Requirements Encrypt and authenticate external memory interfaces (DDRAM, Flash) for operation in mutually distrustful environments 26 Establish hardware root of trust back to the SoC-manufacturer to prevent emulation-attacks
27 IoT Immune System & Health Services Summary Reduce Complexity of the local system/network security to standardized sensors and Immune Reaction Interfaces. Enable Big-Data Security Analysis of Malware detection sensors reduce noise by comparing similar devices across all customers while preserving the customers privacy. Detect infection vectors statistically by comparing commonalities of different hosts running the same firmware to establish baseline Monitor spread of malware and infer infected hosts from historic traffic metadata to coordinate node isolation. Aggregated analysis in cloud services allows continuous improvement of security rules. These rules can be exported back to edge computing notes for greater privacy and resilience. Rules / filters which are verified in cloud services can be enforced with low overhead at mesh level to prevent local spreading of malware. 27
28 Questions & Further Reading Please contact me at with your questions and suggestions. We re hiring please send me a mail! The ARM IoT Security Manifesto, describing an IoT Immune System: (Set of whitepapers) The Arm Platform Security Architecture: (Whitepaper) High-End Security for Low-End Microcontrollers: Hardware-Security Acceleration on Armv8-M Systems (Slides) (Whitepaper) 28
29 Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos! 감사합니다 धन यव द 29
30 The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. 30
Resilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models Xiao Sun Senior Application Engineer ARM Tech Symposia China 2015 November 2015 Evolution from M2M to IoT M2M Silos of Things Standards Security
More informationResilient IoT Security: The end of flat security models. Milosch Meriac IoT Security Engineer
Resilient IoT Security: The end of flat security models Milosch Meriac IoT Security Engineer milosch.meriac@arm.com Securing a computer system has traditionally been a battle of wits: the penetrator tries
More informationPractical real-time operating system security for the masses
Practical real-time operating system security for the masses Milosch Meriac Principal Security Engineer github.com/armmbed/uvisor ARM TechCon 25 th October 2016 Why is microcontroller security so hard?
More informationA Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationNew Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Sr. Technical Marketing Manager Tech Symposia China 2015 November 2015 Agenda Introduction Security Foundations on ARM Cortex -M Security Foundations
More informationBuilding firmware update: The devil is in the details
Building firmware update: The devil is in the details Atsushi Haruta, IoT Services Group, Arm Arm Tech Symposia Japan 2017 Arm Mbed: Secure device management Application Cloud Mbed Cloud Secure, scalable,
More informationFirmware Updates for Internet of Things Devices
Firmware Updates for Internet of Things Devices Brendan Moran, Milosch Meriac, Hannes Tschofenig Drafts: draft-moran-suit-architecture draft-moran-suit-manifest 1 WHY DO WE CARE? 2 IoT needs a firmware
More informationBeyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Senior Technical Marketing Manager Shenzhen / ARM Tech Forum / The Ritz-Carlton June 14, 2016 Agenda Introduction Security Foundations on Cortex-A
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Rob Coombs Security Marketing Director TechCon 11/10/15 Agenda Introduction Security Foundations on Cortex-M Security Foundations on Cortex-A Use cases
More informationBeyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop
Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop Part2 Security Enclaves Tech Seminars 2017 Agenda New security technology for IoT Security Enclaves CryptoIsland
More informationAccelerating intelligence at the edge for embedded and IoT applications
Accelerating intelligence at the edge for embedded and IoT applications Arm Tech Symposia 2017 Agenda The emergence of intelligence at the edge Requirements for intelligent edge computing IP and technologies
More informationARM TrustZone for ARMv8-M for software engineers
ARM TrustZone for ARMv8-M for software engineers Ashok Bhat Product Manager, HPC and Server tools ARM Tech Symposia India December 7th 2016 The need for security Communication protection Cryptography,
More informationmbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM 2017
mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM mbed: Connecting chip to cloud Device software Device services Third-party cloud services IoT device application mbed Cloud Update IoT cloud
More informationArm TrustZone Armv8-M Primer
Arm TrustZone Armv8-M Primer Odin Shen Staff FAE Arm Arm Techcon 2017 Security Security technologies review Application Level Security Designed with security in mind: authentication and encryption Privilege
More informationHow to protect Automotive systems with ARM Security Architecture
How to protect Automotive systems with ARM Security Architecture Thanks to this app You can manoeuvre The new Forpel Using your smartphone! Too bad it s Not my car Successful products will be attacked
More informationThe Next Steps in the Evolution of Embedded Processors
The Next Steps in the Evolution of Embedded Processors Terry Kim Staff FAE, ARM Korea ARM Tech Forum Singapore July 12 th 2017 Cortex-M Processors Serving Connected Applications Energy grid Automotive
More informationTrustzone Security IP for IoT
Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday
More informationARM mbed mbed OS mbed Cloud
ARM mbed mbed OS mbed Cloud MWC Shanghai 2017 Connecting chip to cloud Device software Device services Third-party cloud services IoT device application mbed Cloud Update IoT cloud applications Analytics
More informationA Secure and Connected Intelligent Future. Ian Smythe Senior Director Marketing, Client Business Arm Tech Symposia 2017
A Secure and Connected Intelligent Future 1 2017 Arm Copyright Limited Arm 2017 Ian Smythe Senior Director Marketing, Client Business Arm Tech Symposia 2017 Arm: The Industry s Architecture of Choice 50
More informationBuilding mbed Together: An Overview of mbed OS and How To Get Involved
Building mbed Together: An Overview of mbed OS and How To Get Involved Hugo Vincent / Product Lead mbed OS, Paul Bakker / Product Strategy, mbed IoT Device Platform mbed Sponsored Session/ ARM Tech Con
More informationThe Next Steps in the Evolution of ARM Cortex-M
The Next Steps in the Evolution of ARM Cortex-M Joseph Yiu Senior Embedded Technology Manager CPU Group ARM Tech Symposia China 2015 November 2015 Trust & Device Integrity from Sensor to Server 2 ARM 2015
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationThe Changing Face of Edge Compute
The Changing Face of Edge Compute 2018 Arm Limited Alvin Yang Nov 2018 Market trends acceleration of technology deployment 26 years 4 years 100 billion chips shipped 100 billion chips shipped 1 Trillion
More informationARM mbed Technical Overview
ARM mbed Technical Overview Byungdoo Choi ARM IoTBU FAE Korea June 2017 ARM 2017 ARM knows the world of connected devices >95% market share >85% market share >90% market share >90% market share smartphone
More informationAccelerating IoT with ARM mbed
Accelerating IoT with ARM mbed Zach Shelby VP Marketing Internet of Things Business Unit mbed Connect / Shenzhen, China 15 th Dec 2015 Productivity Security Connectivity Management Efficiency 2 Since TechCon
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationBeyond TrustZone Part 1 - PSA
Beyond TrustZone Part 1 - PSA Rob Coombs Security Director, Arm Arm Tech Symposia 2017, Hsinchu Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security
More informationImplementing debug. and trace access. through functional I/O. Alvin Yang Staff FAE. Arm Tech Symposia Arm Limited
Implementing debug and trace access through functional I/O Alvin Yang Staff FAE Arm Tech Symposia 2017 Agenda Debug and trace access limitations A new approach Protocol based Bare metal vs mission mode
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationBeyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited
Beyond TrustZone PSA Rob Coombs Security Director Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security analyses Summary
More informationAccelerating IoT with ARM mbed
Accelerating IoT with ARM mbed Paul Bakker Product Strategy, IoT BU ARM Tech Symposia China 2015 November 2015 Productivity Security Connectivity Management Efficiency 2 Since TechCon Last Year 60K 2014
More informationARM mbed Technical Overview
ARM mbed Technical Overview Jerry Wang, FAE, ISG ARM Tech Forum Taipei July 4 th 2017 ARM mbed: Connecting chip to cloud Device software Device services Third-party cloud services IoT device application
More informationMobile & IoT Market Trends and Memory Requirements
Mobile & IoT Market Trends and Memory Requirements JEDEC Mobile & IOT Forum Daniel Heo ARM Segment Marketing Copyright ARM 2016 Outline Wearable & IoT Market Opportunities Challenges in Wearables & IoT
More informationCompute solutions for mass deployment of autonomy
Compute solutions for mass deployment of autonomy Rod Watt Director of Vehicle Architecture and System Analysis Introduction 2 From inception to now 1990 Joint venture between Acorn Computers and Apple.
More informationUsing Virtual Platforms To Improve Software Verification and Validation Efficiency
Using Virtual Platforms To Improve Software Verification and Validation Efficiency Odin Shen Staff FAE Arm Arm Tech Symposia Taiwan 2017 Software complexity and best practices Software Costs Increasing
More informationFundamentals of HW-based Security
Fundamentals of HW-based Security Udi Maor CryptoCell-7xx Product Manager Systems and SW Group ARM Tech Forum 2016 - Korea Jun. 28, 2016 What is system security design? Every system design will require
More informationBringing Intelligence to Enterprise Storage Drives
Bringing Intelligence to Enterprise Storage Drives Neil Werdmuller Director Storage Solutions Arm Santa Clara, CA 1 Who am I? 28 years experience in embedded Lead the storage solutions team Work closely
More informationConnect your IoT device: Bluetooth 5, , NB-IoT
Connect your IoT device: Bluetooth 5, 802.15.4, NB-IoT Prithi Ramakrishnan Arm TechTalk 2017 IoT connectivity technologies Multiple standards, different applications Throughput Unlicensed >100Mbps Wi-Fi
More informationAccelerating IoT with ARM mbed
Accelerating IoT with ARM mbed Dr.Krisztián Flautner General Manager / ARM Internet of Things Business Unit ARM Holdings Ltd mbed Sponsored Session / ARM TechCon 2015 11 th Nov 2015 Productivity Security
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationImplementing Secure Software Systems on ARMv8-M Microcontrollers
Implementing Secure Software Systems on ARMv8-M Microcontrollers Chris Shore, ARM TrustZone: A comprehensive security foundation Non-trusted Trusted Security separation with TrustZone Isolate trusted resources
More informationDiversity of. connectivity required for scalable IoT devices. Sam Grove Principal Software Engineer Arm. Arm TechCon 2017.
Diversity of connectivity required for scalable IoT devices Sam Grove Principal Software Engineer Arm Arm TechCon 2017 Introduction Mbed introduction Mbed Cloud Connect Addressing the complexity of reliably
More informationCortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving
Cortex-A75 and Cortex- DynamIQ processors Powering applications from mobile to autonomous driving Lionel Belnet Sr. Product Manager Arm Arm Tech Symposia 2017 Agenda Market growth and trends DynamIQ technology
More informationMobile & IoT Market Trends and Memory Requirements
Mobile & IoT Market Trends and Memory Requirements JEDEC Mobile & IOT Forum Copyright 2016 [ARM Inc.] Outline Wearable & IoT Market Opportunity Challenges in Wearables & IoT Market ARM technology tackles
More informationTrusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague
Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July 2017 -- IETF 99 th, Prague 2 What do we mean by security? Communication Security Aims
More informationA New Security Platform for High Performance Client SoCs
A New Security Platform for High Performance Client SoCs Udi Maor, Sr. Product manager, Client Line of Business October 2018 udi.maor@arm.com Agenda What are Client devices? Arm s approach to Trusted Execution
More informationARMv8-M Architecture Technical Overview
ARMv8-M Architecture Technical Overview 10-Nov-2015 Joseph Yiu Senior Embedded Technology Manager, CPU Product Group, ARM Introduction ARM Cortex -M Processors are the most popular processor series in
More information2017 Arm Limited. How to design an IoT SoC and get Arm CPU IP for no upfront license fee
2017 Arm Limited How to design an IoT SoC and get Arm CPU IP for no upfront license fee An enhanced Arm DesignStart Building on a strong foundation Successfully used by 1000s of designers, researchers
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationMobile & IoT Market Trends and Memory Requirements
Mobile & IoT Market Trends and Memory Requirements JEDEC Mobile & IOT Forum Ivan H. P. Lin ARM Segment Marketing Copyright ARM 2016 Outline Wearable & IoT Market Opportunities Challenges in Wearables &
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationConnect Your IoT Device: Bluetooth 5, , NB-IoT
Connect Your IoT Device: Bluetooth 5, 802.15.4, NB-IoT Craig Tou Business Development Manager, Arm Arm Tech Symposia 2017, Taipei IoT Devices - Everything Connects New classes of connectivity for a new
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationAdvanced IP solutions enabling the autonomous driving revolution
Advanced IP solutions enabling the autonomous driving revolution Chris Turner Director, Emerging Technology & Strategy, Embedded & Automotive Arm Shanghai, Beijing, Shenzhen Arm Tech Symposia 2017 Agenda
More informationCisco Desktop Collaboration Experience DX650 Security Overview
White Paper Cisco Desktop Collaboration Experience DX650 Security Overview Cisco Desktop Collaboration Experience DX650 Security Overview The Cisco Desktop Collaboration Experience DX650 (Cisco DX650)
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationCortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving
Cortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving Stefan Rosinger Director, Product Management Arm Arm TechCon 2017 Agenda Market growth and trends DynamIQ
More informationManaging & Accelerating Innovation with Open Source at the Edge
Managing & Accelerating Innovation with Open Source at the Edge Bill Hunt, CTO - Dianomic Welcome! The IIoT Opportunity Resolve Complexity & Fragmentation with FogLAMP Use case: Defense Contractor Aircraft
More informationWAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Arm Limited
WAVE ONE MAINFRAME WAVE THREE INTERNET WAVE FOUR MOBILE & CLOUD WAVE TWO PERSONAL COMPUTING & SOFTWARE Artificial Intelligence Fifth wave Data-driven computing era IoT Generating data 5G 5G Transporting
More informationArm Mbed Edge. Shiv Ramamurthi Arm. Arm Tech Symposia Arm Limited
Arm Mbed Edge Shiv Ramamurthi Arm Arm Tech Symposia 2017 IoT increasing efficiency, yield, and convenience Commercial buildings Better energy & space utilization Precision farming and connected sites Increased
More informationARM mbed Towards Secure, Scalable, Efficient IoT of Scale
ARM mbed Towards Secure, Scalable, Efficient IoT of Scale Kirsi Maansaari Product Manager, ARM Copenhagen/Embedded Everywhere 2016 Faster route to secure IoT from chip to cloud Announced at ARM TechCon
More informationCCIX: a new coherent multichip interconnect for accelerated use cases
: a new coherent multichip interconnect for accelerated use cases Akira Shimizu Senior Manager, Operator relations Arm 2017 Arm Limited Arm 2017 Interconnects for different scale SoC interconnect. Connectivity
More informationthe ARMv8-M architecture
Connect TrustZone User technology Guide for the ARMv8-M architecture Version 0.1 Version 2.0 Page 1 of 28 Revision Information The following revisions have been made to this User Guide. Date Issue Confidentiality
More informationCrises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.
Crises Control Cloud Security Principles Transputec provides ICT Services and Solutions to leading organisations around the globe. As a provider of these services for over 30 years, we have the credibility
More informationSymantec Endpoint Protection Family Feature Comparison
Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per
More informationCourse Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture
About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would
More informationTRESCCA Trustworthy Embedded Systems for Secure Cloud Computing
TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing IoT Week 2014, 2014 06 17 Ignacio García Wellness Telecom Outline Welcome Motivation Objectives TRESCCA client platform SW framework for
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationLaunch Smart Products With End-to-End Solutions You & Your Customers Can Trust
Solution Brief: Launch Smart Products With End-to-End Solutions You & Your Customers Can Trust DeviceTone, our ready to run "connect, manage and enable" solution for product companies, makes secure connectivity,
More informationMcAfee Embedded Control
McAfee Embedded Control System integrity, change control, and policy compliance in one solution for integrated control systems McAfee Embedded Control for integrated control systems (ICSs) maintains the
More information#RSAC #RSAC Thing Thing Thing Thing Thing Thing Edge Edge Gateway Gateway Cut costs Create value Find information in data then act Maintain Things Enrol Authorized Users & Things Authentication
More informationProvisioning secure Identity for Microcontroller based IoT Devices
Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May
More informationIS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS
IS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS I understand the difference in destruction is dramatic, but this has a whiff of August 1945. Someone just used a new weapon,
More informationIntroducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.
Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationEDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC
EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE 6 2018 PUBLIC PUBLIC 2 Key concerns with IoT.. PUBLIC 3 Why Edge Computing? CLOUD Too far away Expensive connectivity
More informationQPSI. Qualcomm Technologies Countermeasures Update
QPSI Qualcomm Technologies Countermeasures Update 1 Introduction Sometime back in 2010 Let s have exploit countermeasures on our products Why? Hard to fix all bugs. We might as well make them more fun
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationCloud FastPath: Highly Secure Data Transfer
Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance
More informationConfessions of a security hardware driver maintainer
Confessions of a security hardware driver maintainer Gilad Ben-Yossef Principal Software Engineer About me My name is Gilad Ben-Yossef. I work on upstream Linux kernel cryptography and security in genera,l
More informationAutomotive Anomaly Monitors and Threat Analysis in the Cloud
Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationMaximizing heterogeneous system performance with ARM interconnect and CCIX
Maximizing heterogeneous system performance with ARM interconnect and CCIX Neil Parris, Director of product marketing Systems and software group, ARM Teratec June 2017 Intelligent flexible cloud to enable
More information6.857 L17. Secure Processors. Srini Devadas
6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);
More informationLive Demo: A New Hardware- Based Approach to Secure the Internet of Things
SESSION ID: CCS-W04 Live Demo: A New Hardware- Based Approach to Secure the Internet of Things Cesare Garlati Chief Security Strategist prpl Foundation @CesareGarlati Securing the Internet of (broken)
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationUnderstanding Layer 2 Encryption
Understanding Layer 2 Encryption TECHNICAL WHITEPAPER Benefits of Layer 2 Encryption Lowest cost of ownership Better bandwith efficiency (up to 50%) Minimal ongoing maintenance routing updates transparent
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More information